Paper Example on Personal Data Protection in America

Introduction

The social setting of the 21st century is profoundly influenced by personal data. However, recent events have exposed Americans' right to privacy and personal data protection to various risks of breach (O'Connor, 2018). Both the private and governmental organizations have faulted in their corporate social responsibility to ascertain the confidentiality and security of personal data processed in their information and network systems (O'Connor, 2018). Thus, various users have only learned of data breaches after harm is occasioned and sensitive personal information have been subjected to improper disposal or disclosure.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

According to findings of a recent study by Pew Research Centre, only half of Americans are ascertained of the security of personal data fed to information systems for processing (O'Connor, 2018). Further, the study established that the public generally lacked faith in both private and public institutions to protect their data. Recent breaches by various organizations confirm fears regarding the security of personal information. For instance, sensitive information attributed to over 143 million Americans was exposed during the Equifax breach in 2017 (Armerding, 2018). Further, internet service companies such as Yahoo have admitted violations in which millions of user accounts were compromised by hackers.

The deplorable state of personal data protection in America is attributed to lack of a single federal policy framework that protects privacy and security rights (Koltun, 2018). Instead, various states have enacted different policies that relate to specific sectors such as health and insurance. The sectoral laws also depict disparities such as data breach notification policies (O'Connor, 2018). The U.S. lacks a system of specific rules, regulations, and mechanisms that harmoniously enforce and implement data protection policies. To this end, there is a need to move away from the existing patchwork of data protection policies to a federal policy that provides for interventions that ascertain the security of sensitive personal information processed by organizations.

Description of Current Policies

The prevailing U.S. policy framework relating to the security of personal information and privacy rights exists in fragments of state and sector-specific instruments. The first limb of federal laws that govern the collection and processing of personal information is the sectoral policies. For instance, The Federal Trae Commission Act of 1914 warrants sanctions against deceptive or unfair practices as a matter of online and offline privacy and data security (Jolly, 2017). However, FTC has limited jurisdiction hence may not enforce its mandate against institutions such as banks, non-profit entities, and some internet service providers.

On the other hand, the Children's Online Privacy Protection Act of 1998 protects the privacy of sensitive personal information collected from children (Jolly, 2017). The FTC is also in charge of implementing the Act by enforcing actions against organizations that are in breach of the same. Similarly, the Financial Services Modernization Act of 1999 was established to keep financial institutions in check concerning the collection, processing, and disclosure of personal financial information (Jolly, 2017). Under this enactment, banks, insurance firms and other providers of financial services are barred from disclosing personal information that is not meant for public consumption.

The Health Insurance Portability and Accountability Act of 1996 also provides for policies that protect the processing and disposal of medical information (Jolly, 2017). According to its policies, health care providers, pharmacies, and processors of medical information are required to observe security standards for the protection of medical data. Other sectoral policies that purport to protect the confidentiality and security of personal data include the Fair Credit Reporting Act, The Controlling the Assault of Non-Solicited Pornography and Marketing Act, and The Electronic Communications Privacy Act among others (Koltun, 2018). Other policies are enshrined in state laws relating to privacy.

Plan for Social Advocacy (Action Plan)

Due to disparities in the sectoral policies and state laws, there is need to reconsider the legislative framework that regulates privacy and security of personal information in the U.S. Thus; the action plan is guided by the overall objective which is to establish a unitary system of laws that provide for uniform data protection policies. Therefore, the first step is to harmonize the current federal and state rights and responsibilities relating to privacy and data security (O'Connor, 2018). This shall involve tabling a proposal before Congress for the enactment of a comprehensive data protection policies or deliberation of the initially proposed Fair Information Practice Principles.

Another intervention would be to implement preventive incentives and impose punitive monetary fines rather than encouraging self-punishing disclosures (Koltun, 2018). Thus, both private and public organizations would be required to be precautious to implement best practices that diminish privacy and security risks. Further, it is important to set unitary national standards for data breach notifications; taking to account the competing standards that manifest in sectoral and state laws in this regard (Moerel, 2012).

For effectiveness, the prospective policies shall confer to individuals the private right of action against conduct involving a breach of corporate social responsibility (Moerel, 2012). This measure shall be accompanied by creating sufficient enforcement mechanisms to address the harm resulting from unlawful exposure of personal data and other breaches. As such, companies shall be charged with the fiduciary duty of care for personal information.

How Action Plan Will Address the Social Problem

The proposed action plan shall ensure protection of personal data by encourage best data processing practices in organizations as a mandatory corporate social responsibility. Further, the imposition of compulsory monetary fines shall achieve deterrence among organizations relating to exposing sensitive personal information to privacy and security risks. Further, the establishment of a unitary federal system of laws will eliminate the discrepancies in sectoral laws and prescribe uniform interventions for protection of personal data. This will also eliminate competing state laws, for instance, by establishing uniform standards for data breach notification and merging the multiple enforcement regimes. Imposing a fiduciary duty of care on companies shall also create legal certainty and legitimate expectations arising from people's right of action and remedies incidental to breach of data protection laws

The Need for Continued Policy Advocacy

It is established that a future with perfect security in relation to processing of personal data is impossible to achieve. The imminent vulnerability of all organizations to continued threat of intrusion by competitors, the government or malicious intruders makes it necessary to exercise continuous vigilance in protection of personal data (Moerel, 2012). Due to technological advancements, it would be important to review the interventions relevant to averting personal data privacy and security risks by keeping up with trends.

References

Armerding, T. (2018, January 26). The 17 Biggest Data Breaches of the 21st Century. Retrieved from CSO From IDG: www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.amp.html

Jolly, L. (2017, July 1). Data protection in the United States: an overview. Retrieved from Thomson Reuters: https://content.next.westlaw.com/Document/I02064fbd1cb611e38578f7ccc38dcbee/View/FullText.html?contextData=(sc.Default)&transitionType=Default&firstPage=true&bhcp=1

Koltun, N. (2018, April 18). Time is Ripe for Congress to Act on Data Protection Legislation, Say Privacy Advocates. Retrieved from Marketing Dive: www.marketingdiev.com/news/time-is-ripe-for-congress-to-act-on-data-protection-legislation-say-privac/521485/

Moerel, L. (2012). Binding Corporate Rules: Corporate Self-Regulation of Global Data. OUP Oxford.

O'Connor, N. (2018, January 30). Reforming the U.S. Approach to Data Protection and Privacy. Retrieved from Council on Foreign Relations: https://www.cfr.org/report/reforming-us-approach-data-protection